Only the latest commit on the main branch receives security fixes.
Older snapshots and tagged releases are not guaranteed to receive backports.
| Version | Supported |
|---|---|
main (latest) |
Yes |
| Older snapshots | No |
Do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities by emailing the maintainer directly:
security contact:
Keepsloading@gmail.com
Please include:
- A description of the vulnerability
- Steps to reproduce, if possible
- Potential impact
- Any suggested mitigations or workarounds
We aim to acknowledge reports within 72 hours and will keep you informed as we work toward a fix.
We ask that you:
- Refrain from publicly disclosing the issue until a fix has been released.
- Avoid testing in a way that disrupts services or affects other users.
- Act in good faith and respect user data and privacy.
We follow a coordinated disclosure approach: the vulnerability will be disclosed publicly only after a fix is available.
When using this project we recommend:
- Running software in a secure, isolated environment.
- Keeping all dependencies up to date.
- Never committing sensitive API keys or credentials to
.envor any public file.